36722 matches found
CVE-2026-50708
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...
CVE-2026-50711
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...
CVE-2026-50710
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...
CVE-2026-50701
A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...
CVE-2026-50705
A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...
CVE-2026-50712
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...
CVE-2026-50700
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...
CVE-2026-50712
Frappe Framework 17.0.0-dev has a stored XSS in the frappe.ui.Tree component caused by improper neutralization of user-controlled input in tree node label rendering. The vulnerability affects the Tree view labeling logic and can lead to script content being stored and reflected in the UI. Publicl...
CVE-2026-50711
CVE-2026-50711 affects Frappe Framework (17.0.0-dev). A Stored XSS exists in the Number Card component due to improper neutralization of user-controlled input. The connected documents confirm the vulnerability but do not specify exploit details, affected versions beyond 17.0.0-dev, or remediation...
CVE-2026-50699
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in referencedocument using a whitelisted write path and trigger script execution when users open the affected Auto...
CVE-2026-50698
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RSS context deletion logic We need to free the corresponding RSS context VNIC in the framework FW every time an RSS context is deleted in the driver. Commit 667ac333dbb7 added a check to delete the VNIC in the...
CVE-2026-50710
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...
CVE-2026-50710 Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...
CVE-2026-50710
CVE-2026-50710 affects Frappe Framework 17.0.0-dev with a Stored XSS in the Number Card filters_config due to unsafe evaluation of user-controlled data. The root cause is evaluating user-provided data in the Number Card component, enabling script injection. Public references are to Fluid Attacks ...
CVE-2026-50709
CVE-2026-50709 : In Frappe Framework 17.0.0-dev, a stored XSS vulnerability exists in the Notifications → Events panel due to improper neutralization of user-controlled input. The issue affects the rendering of color in Events and is described with a CVSS v4.0 base score of 4.8 (MEDIUM). The conn...
CVE-2026-50709 Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...
CVE-2026-50708
CVE-2026-50708 affects Frappe Framework 17.0.0-dev, with a Stored XSS in the MultiSelectDialog component caused by improper neutralization of user-controlled input. The CVSS v4.0 base score is 4.8 (Medium), with network attack vector, low privileges required, and user interaction required. The im...
CVE-2026-50708 Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...
CVE-2026-50705 Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering
A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...